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METHOD FOR SELECTING EGRESSES OF A MULTI-ISP LOCAL AREA 
NE TWORK M U LT I PLE ISP LOCAL AREA NETWORK EGRESS SELECTING METHOD 

Field of the Invention 

5 [0001] The present invention relates to the network routing 
technology, particularly to a method for selecting egresses of 
a multi-ISP local area network, and more particularly to a method 
for selecting access egresses of a local area network connected 
with multiple ISPs. 

10 

Background of the Invention 

[0002] For convenient description of the present invention and the 
prior art, definitions of the following phrases in the 
Specification are given hereinafter: 

15 NAT: Network Address Translation; 

ISP: Internet Service Provider; and 

Host route: a corresponding 32-bit mask item of a host 
directly connected with a network device in a routing, table. 
The Address Resolution Protocol (ARP) corresponds to each 32-bit 
20 mask item. 

[0003] In general, a campus network is usually configured with 
multiple network egresses to connect with Internet access 
providers . The multiple network egresses are backups for each 
other and perform load sharing so as to improve the bandwidth 
25 and the robustness for the communication between the campus 
network and the external network, which is common in school 
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networks. Usually a school network accesses a public operator 
and an education network. 

[0004] Furthermore, due to the serious shortage of IP addresses 
currently, the campus network uses IP addresses in private 
5 networks and accesses the Internet through NAT. Since different 
access providers provide different policies of access accounting 
and flow control, it is necessary to perform NAT multi-egress 
policy control on the outgoing traffic of the campus network. 
Under the NAT multi-egress policy control, it is possible to 

10 select an ISP egress in accordance with source information and 
destination information of subscriber packets to save the charge 
for access and implement hierarchy management of subscribers. 
For example, in the school network, the charge for abroad traffic 
is lower by accessing the public operator (e.g., the Telecom) 

15 than by accessing the education network. In contrast, access to 
the education network for domestic traffic can effectively save 
charge, since the education network does not charge for domestic 
traffic. Therefore, it is necessary to perform NAT multi-egress 
policy control, i.e., an egress of the education network is 

20 selected for domestic traffic and an egress of the public 
operator is selected for abroad traffic, and both of the egresses 
shall be backups for each other so that all traffic will be 
switched to one egress when the other fails. 

[0005] Currently, there is not a satisfactory solution used in 
25 predominant core routing switches for the NAT multi-egress 
policy control in the industry. Generally, the following 
solution is adopted in the industry to implement NAT multi-egress 
policy control: 
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[0006] Network is built up with multiple routers, one of which 
performs stream classification on the packets in accordance with 
source information and destination information of the packets, 
and the classified pacekts are transferred to the other routers, 
5 which perform NAT operations for the NAT multi-egress policy 
control . 

[0007] FIG.l is a principle diagram of networking of a multi-ISP 
campus network in the prior art . It provides the NAT multi-egress 
policy control function by utilizing a core switch and multiple 

10 dedicated NAT devices. This networking can provide the NAT 
multi-egress policy control function, and the dedicated NAT 
devices in hardware perform NAT operation to ensure the bandwidth. 
However, it is required to add the dedicated NAT devices, i.e., 
each ISP egress needs to be equipped with a dedicated NAT device, 

15 resulting in increased cost of networking and increased failure 
points . 

[0008] Furthermore, as described above, the NAT multi-egress policy 
control function is implemented by the hybrid networking for the 
multiple devices, so that the core routing switch can not sense 
20 the failure of a NAT device when the NAT device at any ISP egress 
fails, resulting in stream interruption at the ISP egress, and 
therefore it is necessary to manually modify the complicated 
stream classification policy to achieve backup of the multiple 
ISP egresses. 

25 

Summary of the Invention 

[Oo|)9] An object aspect of the present invention aims to provide 
a method for selecting egresses of a multi-ISP local area network 
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to solve the problems of increased coot and failure points due 
to the provioion of multiple dedicated NAT devicco and to be 
adapted for the demand of distributed forwarding. It can realize 
complicated forwarding policy with wire speed and nonblocking, 
5 and can also achieve backup for egress links. 

[0010] An aspect of the present invention provides a method for 
selecting egresses of a multi-ISP local area network, including 
the steps of: 

providing a distributed NAT board for NAT in the routing 
10 switch; 

presetting a NAT address pool corresponding to each of the 
ISP egresses for NAT ; 

querying in a routing table upon request of an outgoing 
packet from the local area network, and determining a next hop 
15 of the route for the packet; and 

determining whether it is necessary to perform NAT at the 
ISP egress corresponding to the next hop of the route; and if 
yes, selecting one of the NAT address pools corresponding to 
the ISP egress, performing corresponding NAT by the NAT board, 
20 and forwarding the packet to the egress user board corresponding 

to the ISP; otherwise, forwarding the packet to the egress user 
board corresponding to the ISP. 

[0011] Preferably, the step of presetting a NAT address pool 
corresponding to each of the ISP egresses for NAT includes the 
25 steps of: 

binding each of outgoing interfaces connected with the ISP 
with a corresponding one of the NAT address pools; and 
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creating a NAT policy tree in accordance with combination 
of the outgoing interface and the source IP address as a keyword 
upon request for access, wherein leaf nodes of the NAT policy 
tree store binding relation between each of outgoing interfaces 
5 connected with the ISP and the corresponding NAT address pool 

and the NAT policy information of the slot number of the NAT 
board. 

[0012] Preferably, the step of determining whether it is necessary 
to perform NAT includes the steps of: 

10 detecting whether there is a public network flag in the 

routing table item hit by the subscriber traffic; if yes, 
determining whether one of the leaf nodes of the NAT policy tree 
is hit in accordance with the combination of the outgoing 
interface and the source IP address as a keyword; and if one 

15 of the leaf nodes of the NAT policy tree is hit, determining 

it is necessary to perform NAT, otherwise, determining it is 
unnecessary to perform NAT. 

[0013] Preferably, the step of selecting one of the NAT address 
pools corresponding to the ISP egress includes the steps of: 

20 performing matching in the leaf nodes of the policy tree 

in accordance with the combination of the outgoing interface 
and the source IP address as a keyword; and 

obtaining the address pool and the slot number of the NAT 
board from the matched leaf node of the policy tree. 

25 [0014] Preferably, the created NAT policy tree may be a binary tree. 

[0015] Preferably, the method may further include the steps of: 

classifying the routes of the local area network into a 

5 
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general route and a policy route, and setting a routing policy 
for the policy route, wherein the general route is a standby 
for the policy route; 

the step of querying in a routing table upon request of 
5 an outgoing packet from the local area network and determining 
a next hop of the route for the packet comprising the steps of: 

determining the policy route and/or the general route 
corresponding to the next hop; 

determining whether ^-he — ISP egress corresponding to the 
10 policy route is available; and if available, replacing the 
destination address route with the policy routing result; 
otherwise, utilizing the destination address route of the 
primary general route. 

[0016] Preferably, the step of determining whether the policy route 
15 is available includes the steps of: 

querying in the routing table in accordance with the next 
hop of the policy route; and 

determining whether the next hop can hit the 32-bit mask 
.route corresponding to a directly-connected host; and if yes, 
20 determining the policy route is available, otherwise, 
determining the policy route is unavailable. 

[0017] Preferably, the step of determining a next hop of the route 
for the packet includes the step of: 

determining whether the route corresponds to a plurality of 
25 next hops; and if yes, performing traffic sharing by the 

plurality of corresponding ISPs. 

[0018] Preferably, the routing switch includes a routing module 
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and a NAT module completely separated from each other, wherein 
the routing module determines route egress for the subscriber 
traffic; the NAT module determines whether to perform NAT and 
which NAT address pool to be selected. 

5 [0019] In accordance with the source IP address, the outgoing 
interface, the general route and the policy router, the 
embodiments of the present invention determine whether it is 
necessary to perform NAT for packet forwarding and determine the 
binding relation between the address pools and the outgoing 
10 interfaces, and add the NAT strategy tree describing the binding 
relation with the address pool. Moreover, the routing module is 
separated from the NAT module so as to meet the demand of 
distributed forwarding, implementing complicated forwarding 
policy and wire speed and nonblocking forwarding. 

15 

Brief Description of the Drawings 

[0020] FIG.l is a networking principle diagram of a conventional 
multi-ISP campus network; 

[0021] FIG. 2 is a flow diagram of a NAT multi-ISP policy forwarding 
20 according to an embodiment of the present invention; and 

[0022] FIG. 3 is a flow diagram showing the NAT policy forwarding 
with reference to a particular device according to the other 
embodiment of the present invention. 

25 Detailed Description of the Embodiments 

[0023] The key of the preferred embodiments of the present invention 



7 



Marked-Up Copy of Specification 
Attorney Docket No. 14565.0010USWO 

lies in that a NAT policy table is added in the forwarding plane 
where NAT policy control is directly performed when forwarding 
the data stream, so that the core routing switch can not only 
accomplish the complicated NAT policy control, but also take 
5 advantage of high performance of the distributed forwarding 
plane. Thus, the core routing switch at the core position of the 
campus network can independently provide the NAT policy function, 
resulting in simplification of the network. 

[0024] The following two major technical problems can be solved 
10 by addition of the NAT policy table to realize the NAT policy 
function : 

[0025] 1. It enables selection of ISP egresses in accordance with 
subscriber source information and outgoing interface 
information, flexible accounting and flow control policy can be 
15 implemented in combination with multiple ISPs, and the charge 
for outgoing traffic of subscribers can be saved. 

[0026] 2. It enables hot backup among the multiple ISP egresses, 
i.e., automatically and rapidly switching to another ISP egress 
without any manual intervention upon detection of a failed ISP 
20 egress. 

[0027] FIG. 2 is a flow diagram of NAT multi-ISP policy forwarding 
according to a preferred embodiment of the present invention. 
The NAT policy table is added in the forwarding plane. The policy 
table is stored in a tree form. The index of the table is the 
25 source IP address plus the outgoing interface, and the content 
in the items of the table is bound ISP egress information 
including address pool, restriction on the number of links, etc. 
During the forwarding, query is performed in the routing table 
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and the policy route, and performs query in the NAT policy table, 
obtains ISP egress information and performs the NAT according 
to the obtained ISP egress information. When the ISP egress fails, 
selecting an available ISP automatically to achieve hot backup 
5 among the multiple ISPs. 

[0028] The forwarding steps will be described in detail as follows: 

[0029] 1. A forwarding outgoing interface A is determined for a 
packet by querying in the routing table in accordance with the 
destination IP address of the packet; 

10 [0030] 2. The flow determines whether it is necessary to perform 
policy routing in accordance with system configuration 
information, and if unnecessary, the flow performs query in the 
NAT policy tree by using the source IP address plus the outgoing 
interface A, and then jumps to step 5; if necessary, the flow 

15 executes step 3; 

[0031] 3. An outgoing interface B is determined for the packet by 
performing policy routing in accordance with the result of 
complicated stream classification; 

[0032] 4. The flow determines whether the outgoing interface B is 
20 valid, and if the outgoing interface B is valid, the flow performs 
query in the policy tree by using the source IP address plus the 
outgoing interface B; if the outgoing interface B is invalid, 
the flow performs query in the policy tree by using the source 
IP address plus the outgoing interface A; and 

25 [0033] 5. An ISP egress is selected in accordance with the query 
result of the NAT policy tree, the NAT operation is performed 
on the packet, and the packet is sent out over the link 
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corresponding to selected ISP egress. 

[0034] The backup of the multiple ISP egresses may be implemented 
by the following two means: 

[0035] 1. As for the policy route, an outgoing interface of the 
5 general route will be utilized automatically if the outgoing 
interface of the policy route is invalid. 

[0036] 2. As for the general route, if the outgoing interface of 
the general route is invalid, the route processing system of the 
core routing switch will automatically perform route 
10 recalculation, select a new route, and distribute the new route 
in the routing table, so as to achieve the backup of multiple 
ISP egresses. 

[0037] In order to meet the controllability requirement on devices 
in the campus network connected with multiple ISP egresses in 
15 case of hybrid networking with multiple address spaces, the 
policy NAT in the preferred embodiment of the present invention 
will realize the following three critical functions: 

[0038] A. The outgoing egress for subscriber traffic should not 
be determined merely by the general route. The improved policy 
20 route has to be completed and the backup must be implemented for 
the policy route through the general route. 

[0039] B. The following requirements must be met: subscribers 
within one private network can access the public network via 
egresses provided by different ISPs; and when one subscriber in 
25 the private network accesses the public network via different 
egresses, the address of the subscriber in the private network 
can be translated into an address in the public network in 
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different address pools, i.e., the NAT must be performed by the 
address pool bound with the egress when the address space of the 
subscriber is not consistent with his egress space. 

[0040] C. The routing module is completely separated from the NAT 
5 module: the routing module (including the destination address 
route and the policy route) determines the egress of the 
subscriber traffic, and the NAT module determines whether to 
perform NAT and which address pool to select. 

[0041] In order to attain the object that the egress of the 

10 subscriber traffic should not be determined merely in accordance 
\ with the general route, the improved policy route must be 

completed, and the backup must be implemented for the policy 
route through the general route, the general route is utilized 
to backup the policy route, i.e., the subscriber traffic will 

15 be forwarded automatically in accordance with the general route 
when the policy route is not available. In the embodiment of the 
present invention, the next hop of the policy route is searched 
in the routing table, since the next hop of the available route 
generally corresponds to a directly-connected host, whether the 

20 32-bit mask route corresponding to the directly-connected host 
can be hit will be taken as the criterion for determining whether 
the policy route is available. If the 32-bit mask route 
corresponding to the directly-connected host can be hit, the 
policy route is available; if the 32-bit mask route corresponding 

25 to the directly-connected host can not be hit, the policy route 
is invalid and thus the general route is utilized for forwarding. 

[0042] In order to implement that subscribers in one private network 
can access the public network via the egresses provided by 
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different ISPs, and that when a subscriber in one private network 
accesses the public network via different egresses, the address 
of the subscriber in the private network shall be translated into 
an address in the public network in different address pools , i.e., 
5 the NAT must be performed by the address pool bound with the egress 
for the subscriber traffic when the address space of the 
subscriber is not consistent with his egress space, thus the 
embodiment of the present invention performs translation on 
different subscriber traffic in accordance with different 

10 address pools via different ISP egresses in the embodiment of 
the present invention. In the embodiment of the present invention, 
the address pools are not registered in global mode but bound 
with outgoing interfaces. Meanwhile, in order to identify 
whether it is necessary to perform NAT and which NAT address pool 

15 to be selected, a NAT policy tree is created through combination 
of the outgoing interface and the source IP address, recording 
the binding relation of the address pools and the slot number 
of the distributed dedicated NAT board. Whether there is a public 
network flag in the routing table item hit by the subscriber 

20 traffic is taken as the enablement switch to search in the NAT 
policy tree. The flag is configured by the subscriber at the 
outgoing interface connected with an ISP, and any route related 
with the outgoing interface contains such a public network flag. 
If using the combination of the outgoing interface and the source 

25 IP address as a keyword can hit a leaf of the NAT policy tree, 
it indicates that it is necessary to perform NAT before the packet 
is sent out, thus the address pool and the slot number of the 
NAT board are obtained from the leaf of the NAT policy tree, and 
the packet is forwarded to the NAT board to process; otherwise, 
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it indicates that the address of the subscriber is an address 
in the public network, thus the subscriber and the ISP connected 
herewith pertain to the same address space, therefore, it is 
unnecessary to perform NAT, and the packet is forwarded to a 
5 corresponding ISP egress subscriber board to process in 
accordance with the route information. 

[0043] For complete separation of the routing module from the NAT 
module, the routing module (including the destination address 
route and the policy route) determines an egress for the 

10 subscriber traffic, and the NAT module determines whether to 
perform NAT and which address pool to be selected. The embodiment 
of the present invention adopts the complete separation of the 
routing module from the NAT module to ensure clear logical 
separation and no influence in function between them, so that 

15 there is sufficient space for achieving combination of 
forwarding logics of various complicated streams from different 
subscribers . 

[0044] FIG. 3 is a flow diagram showing the NAT policy forwarding 
with reference to a particular device according to another 
20 preferred embodiment of the present invention. 

[0045] In step 210, the flow performs searching in the routing table 
in accordance with the destination IP address, to determine a 
possible next hop in accordance with the routing table; 

[0046] In step 220, the flow determines whether there are multiple 
25 next hops according to the searched routing table; 

[0047] If there are multiple next hops in step 220, the flow performs 
traffic sharing on the multiple next hops in step 230, and then 
goes to step 240, where the flow determines whether the policy 
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route is matched successfully; 

[00^8] If the flow determines in step 220 that there is no multiple 
next hops but only one next hop, the flow will directly go to 
step 240, where the flow determines whether the policy route is 
5 matched successfully; 

[0049] If it is determined in step 240 that there is a successful 
match for the policy route, the flow goes to step 250, where it 
is determined, by searching in the routing table in accordance 
with the next hop of the policy route, whether the route of a 

10 host can be hit; if it is determined in step 250 that the route 
of a host can be hit, the flow will go to step 260, where the 
destination address of the route is covered with the searching 
result in the policy route. Then the flow goes to step 270, where 
whether there is a public network flag in the routing table item 

15 is determined; 

[0050] If it is determined in step 240 that there is an unsuccessful 
match for the policy route, or if it is determined in step 250 
that the route of a host can not be hit, the flow will go to step 
270; 

20 [0051] If it is determined in step 270 that there is a public network 
flag, goes to step 280, where whether a leaf of the NAT policy 
tree is hit is determined by searching in the NAT policy tree 
in accordance with the source IP address and the outgoing 
interface; 

25 [0052] If it is determined in step 280 that a leaf of the NAT policy 
tree is hit, the flow goes to step 290, where an address pool 
number is obtained in accordance with the searching result. The 
packet is in turn forwarded in step 310 via the switching network 
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to the distributed NAT processing device of the NAT board to 
perform NAT. In step 300, the packet will enter the switching 
network; 

[0053] If it is determined in step 270 that there is no public 
5 network flag, or if it is determined in step 280 that the route 
of a host is not hit, the flow will go to step 300 to process 
via the switching network; 

[0054] Finally, in step 320, the packet is forward to the egress 
user board in accordance with the routing result. 

10 [0055] The above descriptions are preferred embodiments of the 
present invention, wherein the described methods are merely for 
the purpose of exemplification, and not intended to limit the 
scope claimed for the invention, and all the equivalent 
variations of the description and the appended drawings shall 

15 be included in the scope of claims of the present invention. 
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CLAIMS 

What is claimed is: 

1. A method for selecting egresses of a multi-ISP local 
area network, for controlling a plurality of ISP cgrcooco in the 
local area network comprising a routing switch, which comprises 
an egress user board for processing of the ISP egresses, the 
method comprising the steps of: 

providing a distributed network address translation ( NAT) 
board for NAT in the routing switch; 

presetting a NAT address pool corresponding to each of the 
ISP egresses for NAT ; 

querying in a routing table upon request of an outgoing 
packet from the local area network, and determining a next hop 
of the route for the packet; and 

determining whether it is necessary to perform NAT at the 
ISP egress corresponding to the next hop of the route; and if 
yes, selecting one of the NAT address pools corresponding to 
the ISP egress, performing corresponding NAT by the NAT board, 
and forwarding the packet to the egress user board corresponding 
to the ISP; otherwise, forwarding the packet to the egress user 
board corresponding to the ISP. 

2. The method for selecting egresses of a multi-ISP local 
area network according to claim 1, wherein the step of presetting 
a NAT address pool corresponding to each of the ISP egresses 
comprises the steps of: 

binding each of outgoing interfaces connected with the ISP 
with a corresponding one of the NAT address pools; and 
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creating a NAT policy tree in accordance with combination 
of the outgoing interface and the source IP address as a keyword 
upon request for access, wherein leaf nodes of the NAT policy 
tree store binding relation between each of the outgoing 
5 interfaces connected with the ISP and the corresponding NAT 
address pool and the NAT policy information of the slot number 
of the distributed NAT board. 

3. The method for selecting egresses of a multi-ISP local 
10 area network according to claim 2, wherein the step of 

determining whether it is necessary to perform NAT comprises 
the steps of: 

detecting whether there is a public network flag in the 
routing table item hit by the subscriber traffic; 
15 if yes, determining whether one of the leaf nodes of the 

NAT policy tree is hit in accordance with the combination of 
the outgoing interface and the source IP address as a keyword; 
and 

if one of the leaf nodes of the NAT policy tree is hit, 
20 determining it is necessary to perform NAT; otherwise, 
determining it is unnecessary to perform NAT. 

4. The method for selecting egresses of a multi-ISP local 
area network according to claim 2, wherein the step of selecting 

25 one of the NAT address pools corresponding to the ISP egress 
comprises the steps of: 

performing matching in the leaf nodes of the policy tree 
in accordance with the combination of the outgoing interface 
and the source IP address as a keyword; and 
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obtaining the address pool and the slot number of the NAT 
board from the matched leaf node of the policy tree. 

5. The method for selecting egresses of a multi - ISP local 
area network according to claim 2, wherein the created NAT policy 
tree is a binary tree. 

•6r -5 . The method for selecting egresses of a multi-ISP local 
area network according to any one of claims- 1 to 5 , further 
comprising the steps of: 

classifying the routes of the local area network into a 
general route and a policy route, and setting a routing policy 
for the policy route, wherein the general route is a standby 
for the policy route; 

the step of querying in a routing table upon request of 
an outgoing packet from the local area network and determining 
a next hop of the route for the packet comprising the steps of: 

determining the policy route and/or the general route 
corresponding to the next hop; 

determining whether the ISP egress corresponding to the 
policy route is available; and if available, replacing the 
destination address route with the policy routing result; 
otherwise, utilizing the destination address route of the 
primary general route. 

: ^-6 . The method for selecting egresses of a multi-ISP local 
area network according to claim — & 5, wherein the step of 
determining whether the policy route is available comprises the 
steps of: 
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querying in the routing table in accordance with the next 
hop of the policy route; and 

determining whether the next hop can hit the 32-bit mask 
route corresponding to a directly-connected host; and if yes, 
determining the policy route is available, otherwise, 
determining the policy route is unavailable. 

-g-r-7 . The method for selecting egresses of a multi-ISP local 
area network according to claim — & 5, wherein the step of 
determining a next hop of the route for the packet comprises 
the step of: 

determining whether the route corresponds to a plurality 
of next hops; and if yes, performing traffic sharing by the 
plurality of corresponding ISPs. 

■9-T-8 . The method for selecting egresses of a multi-ISP local 
area network according to claim-6 5, wherein the routing switch 
comprises a routing module and a NAT module completely separated 
from each other, wherein 

the routing module determines route egress for the 
subscriber traffic; and 

the NAT module determines whether to perform NAT and which 
NAT address pool to be selected. 

9. The method for selecting egresses of a multi-ISP local 
area network according to claim 2, further comprising the steps 
of: 

classifying the routes of the local area network into a 
general route and a policy route, and setting a routing policy 
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for the policy route, wherein the general route is a standby 
for the policy route; 

the step of querying in a routing table upon request of 
an outgoing packet from the local area network and determining 
a next hop of the route for the packet comprising the steps of: 

determining the policy route and/or the general route 
corresponding to the next hop; 

determining whether the ISP egress corresponding to the 
policy route is available; and if available, replacing the 
destination address route with the policy routing result; 
otherwise, utilizing the destination address route of the 
primary general route. 

10. The method for selecting egresses of a multi-ISP local 
area network according to claim 9, wherein the step of 
determining whether the policy route is available comprises the 
steps of: 

querying in the routing table in accordance with the next 
hop of the policy route; and 

determining whether the next hop can hit the 32-bit mask 
route corresponding to a directly-connected host; and if yes, 
determining the policy route is available, otherwise, 
determining the policy route is unavailable. 

11. The method for selecting egresses of a multi-ISP local 
area network according to claim 9, wherein the step of 
determining a next hop of the route for the packet comprises 
the step of: 

determining whether the route corresponds to a plurality 
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of next hops; and if yes, performing traffic sharing by the 
plurality of corresponding ISPs. 

12. The method for selecting egresses of a multi-ISP local 
area network according to claim 9, wherein the routing switch 
comprises a routing module and a NAT module completely separated 
from each other, wherein 

the routing module determines route egress for the 
subscriber traffic; and 

the NAT module determines whether to perform NAT and which 
NAT address pool to be selected. 

13. The method for selecting egresses of a multi-ISP local 
area network according to claim 3, further comprising the steps 
of: 

classifying the routes of the local area network into a 
general route and a policy route, and setting a routing policy 
for the policy route, wherein the general route is a standby 
for the policy route; 

the step of querying in a routing table upon request of 
an outgoing packet from the local area network and determining 
a next hop of the route for the packet comprising the steps of: 

determining the policy route and/or the general route 
corresponding to the next hop; 

determining whether the ISP egress corresponding to the 
policy route is available; and if available, replacing the 
destination address route with the policy routing result; 
otherwise, utilizing the destination address route of the 
primary general route. 



21 



Marked-Up Copy of Specification 
Attorney Docket No. 14565.0010USWO 



14 . The method for selecting egresses of a multi-ISP local 
area network according to claim 13/ wherein the step of 
determining whether the policy route is available comprises the 
steps of: 

guerying in the routing table in accordance with the next 
hop of the policy route; and 

determining whether the next hop can hit the 32-bit mask 
route corresponding to a directly-connected host; and if yes, 
determining the policy route is available, otherwise, 
determining the policy route is unavailable. 

15. The method for selecting egresses of a multi-ISP local 
area network according to claim 13, wherein the step of 
determining a next hop of the route for the packet comprises 
the step of: 

determining whether the route corresponds to a plurality 
of next hops; and if yes, performing traffic sharing by the 
plurality of corresponding ISPs. 

16. The method for selecting egresses of a multi-ISP local 
area network according to claim 13, wherein the routing switch 
comprises a routing module and a NAT module completely separated 
from each other, wherein 

the routing module determines route egress for the 
subscriber traffic; and 

the NAT module determines whether to perform NAT and which 
NAT address pool to be selected. 
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17. The method for selecting egresses of a multi-ISP local 
area network according to claim 4, further comprising the steps 
of: 

classifying the routes of the local area network into a 
general route and a policy route, and setting a routing policy 
for the policy route, wherein the general route is a standby 
for the policy route; 

the step of querying in a routing table upon request of 
an outgoing packet from the local area network and determining 
a next hop of the route for the packet comprising the steps of: 

determining the policy route and/or the general route 
corresponding to the next hop; 

determining whether the ISP egress corresponding to the 
policy route is available; and if available, replacing the 
destination address route with the policy routing result; 
otherwise, utilizing the destination address route of the 
primary general route. 

18. The method for selecting egresses of a multi-ISP local 
area network according to claim 17, wherein the step of 
determining whether the policy route is available comprises the 
steps of: 

querying in the routing table in accordance with the next 
hop of the policy route; and 

determining whether the next hop can hit the 32-bit mask 
route corresponding to a directly-connected host; and if yes, 
determining the policy route is available, otherwise, 
determining the policy route is unavailable. 
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19. The method for selecting egresses of a multi-ISP local 
area network according to claim 17, wherein the step of 
determining a next hop of the route for the packet comprises 
the step of: 

determining whether the route corresponds to a plurality 
of next hops; and if yes, performing traffic sharing by the 
plurality of corresponding ISPs. 

20. The method for selecting egresses of a multi-ISP local 
area network according to claim 17, wherein the routing switch 
comprises a routing module and a NAT module completely separated 
from each other, wherein 

the routing module determines route egress for the 
subscriber traffic; and 

the NAT module determines whether to perform NAT and which 
NAT address pool to be selected. 
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Abstract 

A method for selecting egresses of a multi-ISP local area 
network, the local area network including a routing switch, 
which includes an egress user board, the method including the 
steps of: providing a network address translation (NAT) board 
for NAT; presetting a NAT address pool corresponding to each 
ISP egress; guerying in the routing table upon request of an 
outgoing packet from the local area network, determining the 
next hop for the packet; and determining whether it is necessary 
to perform NAT at the ISP egress corresponding to the next hop; 
wherein if necessary, selecting one of the NAT address pools 
corresponding to the ISP egress, performing NAT by the NAT board, 
and forwarding the packet to the egress user board corresponding 
to the ISP; and if unnecessary, forwarding the packet to the 
egress user board corresponding to the ISP. The prcocnt invention 
discloses a Multiple ISP local area network egress OGlccting 
method, comprising: octting the local area network routing as 
normal routing and strategic routing; setting the routing plan 
of the strategic routing; creating NAT address pool; in the case 
that there io egress rcgueot from inside of local area network, 
inguiring the routing table, — determining the normal routing 
and/or strategic routing of the next hop; deciding the whether 
the strategic routing is available, if it is available, covering 
the destination address by strategic routing result; if it io 
unavailable, — then — using — fc-he — original — destination — address; 
deciding if it needs NAT convert, if it needs convert, selecting 

NAr? — address — pool — aftd — egress — user — board; returning — fee 

distributing NAT processing cguipmcnt, achieving NAT convert; 
sending the message to egress user board according routing 
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rcoult. If it doesn't need NAT convert, sending the mcooagc to 
user board according routing information. The present invention 
achieves complicated transfer strategy, and the line speed is 
unobstructed 
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